dependabot[bot] opened a new pull request, #2999: URL: https://github.com/apache/servicecomb-java-chassis/pull/2999
Bumps [okhttp](https://github.com/square/okhttp) from 3.14.2 to 4.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/parent-4.6.0/CHANGELOG.md";>okhttp's changelog</a>.</em></p> <blockquote> <h2>Version 4.6.0</h2> <p><em>2020-04-28</em></p> <ul> <li> <p>Fix: Follow HTTP 307 and 308 redirects on methods other than GET and POST. We're reluctant to change OkHttp's behavior in handling common HTTP status codes, but this fix is overdue! The new behavior is now consistent with [RFC 7231][rfc_7231_647], which is newer than OkHttp itself. If you want this update with the old behavior use [this interceptor][legacy_interceptor].</p> </li> <li> <p>Fix: Don't crash decompressing web sockets messages. We had a bug where we assumed deflated bytes in would always yield deflated bytes out and this isn't always the case!</p> </li> <li> <p>Fix: Reliably update and invalidate the disk cache on windows. As originally designed our internal <code>DiskLruCache</code> assumes an inode-like file system, where it's fine to delete files that are currently being read or written. On Windows the file system forbids this so we must be more careful when deleting and renaming files.</p> </li> <li> <p>Fix: Don't crash on Java 8u252 which introduces an API previously found only on Java 9 and above. See [Jetty's overview][jetty_8_252] of the API change and its consequences.</p> </li> <li> <p>New: <code>MultipartReader</code> is a streaming decoder for [MIME multipart (RFC 2045)][rfc_2045] messages. It complements <code>MultipartBody</code> which is our streaming encoder.</p> <pre lang="kotlin"><code>val response: Response = call.execute() val multipartReader = MultipartReader(response.body!!) <p>multipartReader.use { while (true) { val part = multipartReader.nextPart() ?: break process(part.headers, part.body) } } </code></pre></p> </li> <li> <p>New: <code>MediaType.parameter()</code> gets a parameter like <code>boundary</code> from a media type like <code>multipart/mixed; boundary="abc"</code>.</p> </li> <li> <p>New: <code>Authenticator.JAVA_NET_AUTHENTICATOR</code> forwards authentication requests to <code>java.net.Authenticator</code>. This obsoletes <code>JavaNetAuthenticator</code> in the <code>okhttp-urlconnection</code> module.</p> </li> <li> <p>New: <code>CertificatePinner</code> now offers an API for inspecting the configured pins.</p> </li> <li> <p>Upgrade: [Okio 2.6.0][okio_2_6_0].</p> <pre lang="kotlin"><code>implementation("com.squareup.okio:okio:2.6.0") </code></pre> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/square/okhttp/commit/0deadd5611c4bc793a776aaaa68710012e456b9f";><code>0deadd5</code></a> Prepare for release 4.6.0.</li> <li><a href="https://github.com/square/okhttp/commit/0cc3aefa8ee328409bc6797e501308ba0b3c5e17";><code>0cc3aef</code></a> Complies with rfc7231 about statuses 307 and 308 (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/5990";>#5990</a>)</li> <li><a href="https://github.com/square/okhttp/commit/269f5567ae209effb72b8bee89cff23b9c28b5d5";><code>269f556</code></a> Confirm MultipartBody and MultipartReader can work together (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/5999";>#5999</a>)</li> <li><a href="https://github.com/square/okhttp/commit/42954034ab299265d4b4118f7086e93a5d8ef9a3";><code>4295403</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/square/okhttp/issues/5998";>#5998</a> from square/jwilson.0427.fresh_public_suffixes</li> <li><a href="https://github.com/square/okhttp/commit/16ca1d46c66a3a9244d7634447281da1dd96b9c7";><code>16ca1d4</code></a> Update the public suffixes DB</li> <li><a href="https://github.com/square/okhttp/commit/8036ad42b0bb7bdc18c0dc12438fdbba7aa7f255";><code>8036ad4</code></a> Check in the old public suffix DB</li> <li><a href="https://github.com/square/okhttp/commit/a1bc5c625d92d3758f33b8681fdfcfe986fb1a54";><code>a1bc5c6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/square/okhttp/issues/5996";>#5996</a> from square/jwilson.0427.response_body</li> <li><a href="https://github.com/square/okhttp/commit/9d3eb93b8b0fa22959f1d035f365b4fd6265e7f1";><code>9d3eb93</code></a> Parse response bodies as multipart</li> <li><a href="https://github.com/square/okhttp/commit/f7c66edc5cdea59200c63550ad25fdb542e83a9f";><code>f7c66ed</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/square/okhttp/issues/5993";>#5993</a> from square/jwilson.0426.multipart_reader</li> <li><a href="https://github.com/square/okhttp/commit/37a7e7e9d14daf5e694afd9762b9e326e1098c45";><code>37a7e7e</code></a> Multipart reader first steps</li> <li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-3.14.2...parent-4.6.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
